#2916: Consider client sychronization in vdt-update-certs

#

Mon Aug 20 13:46:18 2007

roy - Ticket created

Subject:

Consider client sychronization in vdt-update-certs

Download (untitled) / with headers
text/plain 863b

vdt-update-certs has a problem when their are failures.

After a failure to get the certificates, the script retries once an
hour. Imagine the VDT web site goes down for a while. Various clients
will enter this retry phase. The longer the outage, the greater the
percentage of clients.

When the VDT web server becomes accessible again, all retrying clients
will hit over an over time span. If the web site is unavailable for more
than 23 hours, this would probably be 100% of clients. Problem 1: when
we come back up, we get hit hard.

At this point, they all "reset the clock", and will fetch the new CA
certificates every 24 hours. So we'll get sacked again 24 hours later.

We need to do something to redistribute the times that the clients retry
upon failure so that they don't synchronize. Or we need to have a
different way of recovering from failures.

#	Thu Oct 04 17:45:52 2007	roy - Priority changed from '4' to '3'

#	Mon Oct 08 16:36:54 2007	roy - Priority changed from '3' to '2'

#	Tue Nov 13 14:32:42 2007	roy - Priority changed from '2' to '3'

#	Mon Nov 19 13:49:33 2007	kronenfe - Taken

#	Tue Nov 20 13:22:35 2007	kronenfe - Status changed from 'new' to 'resolved'

#	Tue Nov 20 13:22:51 2007	kronenfe - Fixed in 1.8.1e added

#	Tue Nov 20 13:23:12 2007	kronenfe - Fix scheduled CUR added

#	Thu Dec 06 10:53:17 2007	kronenfe - Fixed in 1.8.1e changed to 1.8.1f